From: Andrey Konovalov <andreyknvl@google.com>
To: Andrew Morton <akpm@linux-foundation.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Dmitry Vyukov <dvyukov@google.com>,
Alexander Potapenko <glider@google.com>,
Marco Elver <elver@google.com>
Cc: Will Deacon <will.deacon@arm.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Peter Collingbourne <pcc@google.com>,
Evgenii Stepanov <eugenis@google.com>,
Branislav Rankov <Branislav.Rankov@arm.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Andrey Konovalov <andreyknvl@google.com>
Subject: [PATCH v3 mm 13/13] kasan: clarify that only first bug is reported in HW_TAGS
Date: Fri, 5 Feb 2021 18:34:47 +0100 [thread overview]
Message-ID: <00383ba88a47c3f8342d12263c24bdf95527b07d.1612546384.git.andreyknvl@google.com> (raw)
In-Reply-To: <cover.1612546384.git.andreyknvl@google.com>
Hwardware tag-based KASAN only reports the first found bug. After that MTE
tag checking gets disabled. Clarify this in comments and documentation.
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
Documentation/dev-tools/kasan.rst | 8 ++++++--
mm/kasan/hw_tags.c | 2 +-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
index e022b7506e37..1faabbe23e09 100644
--- a/Documentation/dev-tools/kasan.rst
+++ b/Documentation/dev-tools/kasan.rst
@@ -155,7 +155,7 @@ Boot parameters
~~~~~~~~~~~~~~~
Hardware tag-based KASAN mode (see the section about various modes below) is
-intended for use in production as a security mitigation. Therefore it supports
+intended for use in production as a security mitigation. Therefore, it supports
boot parameters that allow to disable KASAN competely or otherwise control
particular KASAN features.
@@ -166,7 +166,8 @@ particular KASAN features.
``off``).
- ``kasan.fault=report`` or ``=panic`` controls whether to only print a KASAN
- report or also panic the kernel (default: ``report``).
+ report or also panic the kernel (default: ``report``). Note, that tag
+ checking gets disabled after the first reported bug.
For developers
~~~~~~~~~~~~~~
@@ -296,6 +297,9 @@ Note, that enabling CONFIG_KASAN_HW_TAGS always results in in-kernel TBI being
enabled. Even when kasan.mode=off is provided, or when the hardware doesn't
support MTE (but supports TBI).
+Hardware tag-based KASAN only reports the first found bug. After that MTE tag
+checking gets disabled.
+
What memory accesses are sanitised by KASAN?
--------------------------------------------
diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c
index e529428e7a11..6c9285c906b8 100644
--- a/mm/kasan/hw_tags.c
+++ b/mm/kasan/hw_tags.c
@@ -48,7 +48,7 @@ EXPORT_SYMBOL(kasan_flag_enabled);
/* Whether to collect alloc/free stack traces. */
DEFINE_STATIC_KEY_FALSE(kasan_flag_stacktrace);
-/* Whether panic or disable tag checking on fault. */
+/* Whether to panic or print a report and disable tag checking on fault. */
bool kasan_flag_panic __ro_after_init;
/* kasan=off/on */
--
2.30.0.365.g02bc693789-goog
WARNING: multiple messages have this Message-ID (diff)
From: Andrey Konovalov <andreyknvl@google.com>
To: Andrew Morton <akpm@linux-foundation.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Dmitry Vyukov <dvyukov@google.com>,
Alexander Potapenko <glider@google.com>,
Marco Elver <elver@google.com>
Cc: Branislav Rankov <Branislav.Rankov@arm.com>,
Andrey Konovalov <andreyknvl@google.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Will Deacon <will.deacon@arm.com>,
linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com,
linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Peter Collingbourne <pcc@google.com>,
Evgenii Stepanov <eugenis@google.com>
Subject: [PATCH v3 mm 13/13] kasan: clarify that only first bug is reported in HW_TAGS
Date: Fri, 5 Feb 2021 18:34:47 +0100 [thread overview]
Message-ID: <00383ba88a47c3f8342d12263c24bdf95527b07d.1612546384.git.andreyknvl@google.com> (raw)
In-Reply-To: <cover.1612546384.git.andreyknvl@google.com>
Hwardware tag-based KASAN only reports the first found bug. After that MTE
tag checking gets disabled. Clarify this in comments and documentation.
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
Documentation/dev-tools/kasan.rst | 8 ++++++--
mm/kasan/hw_tags.c | 2 +-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
index e022b7506e37..1faabbe23e09 100644
--- a/Documentation/dev-tools/kasan.rst
+++ b/Documentation/dev-tools/kasan.rst
@@ -155,7 +155,7 @@ Boot parameters
~~~~~~~~~~~~~~~
Hardware tag-based KASAN mode (see the section about various modes below) is
-intended for use in production as a security mitigation. Therefore it supports
+intended for use in production as a security mitigation. Therefore, it supports
boot parameters that allow to disable KASAN competely or otherwise control
particular KASAN features.
@@ -166,7 +166,8 @@ particular KASAN features.
``off``).
- ``kasan.fault=report`` or ``=panic`` controls whether to only print a KASAN
- report or also panic the kernel (default: ``report``).
+ report or also panic the kernel (default: ``report``). Note, that tag
+ checking gets disabled after the first reported bug.
For developers
~~~~~~~~~~~~~~
@@ -296,6 +297,9 @@ Note, that enabling CONFIG_KASAN_HW_TAGS always results in in-kernel TBI being
enabled. Even when kasan.mode=off is provided, or when the hardware doesn't
support MTE (but supports TBI).
+Hardware tag-based KASAN only reports the first found bug. After that MTE tag
+checking gets disabled.
+
What memory accesses are sanitised by KASAN?
--------------------------------------------
diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c
index e529428e7a11..6c9285c906b8 100644
--- a/mm/kasan/hw_tags.c
+++ b/mm/kasan/hw_tags.c
@@ -48,7 +48,7 @@ EXPORT_SYMBOL(kasan_flag_enabled);
/* Whether to collect alloc/free stack traces. */
DEFINE_STATIC_KEY_FALSE(kasan_flag_stacktrace);
-/* Whether panic or disable tag checking on fault. */
+/* Whether to panic or print a report and disable tag checking on fault. */
bool kasan_flag_panic __ro_after_init;
/* kasan=off/on */
--
2.30.0.365.g02bc693789-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-02-05 17:45 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-05 17:34 [PATCH v3 mm 00/13] kasan: optimizations and fixes for HW_TAGS Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` [PATCH v3 mm 01/13] kasan, mm: don't save alloc stacks twice Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` [PATCH v3 mm 02/13] kasan, mm: optimize kmalloc poisoning Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` [PATCH v3 mm 03/13] kasan: optimize large " Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` [PATCH v3 mm 04/13] kasan: clean up setting free info in kasan_slab_free Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` [PATCH v3 mm 05/13] kasan: unify large kfree checks Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` [PATCH v3 mm 06/13] kasan: rework krealloc tests Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` [PATCH v3 mm 07/13] kasan, mm: fail krealloc on freed objects Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` [PATCH v3 mm 08/13] kasan, mm: optimize krealloc poisoning Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-08 10:48 ` Marco Elver
2021-02-08 10:48 ` Marco Elver
2021-02-09 13:24 ` Andrey Konovalov
2021-02-09 13:24 ` Andrey Konovalov
2021-02-09 13:24 ` Andrey Konovalov
2021-02-05 17:34 ` [PATCH v3 mm 09/13] kasan: ensure poisoning size alignment Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` [PATCH v3 mm 10/13] arm64: kasan: simplify and inline MTE functions Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` [PATCH v3 mm 11/13] kasan: inline HW_TAGS helper functions Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-08 11:04 ` Marco Elver
2021-02-08 11:04 ` Marco Elver
2021-02-05 17:34 ` [PATCH v3 mm 12/13] arm64: kasan: export MTE symbols for KASAN tests Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov [this message]
2021-02-05 17:34 ` [PATCH v3 mm 13/13] kasan: clarify that only first bug is reported in HW_TAGS Andrey Konovalov
2021-02-05 17:34 ` Andrey Konovalov
2021-02-08 11:06 ` Marco Elver
2021-02-08 11:06 ` Marco Elver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00383ba88a47c3f8342d12263c24bdf95527b07d.1612546384.git.andreyknvl@google.com \
--to=andreyknvl@google.com \
--cc=Branislav.Rankov@arm.com \
--cc=akpm@linux-foundation.org \
--cc=aryabinin@virtuozzo.com \
--cc=catalin.marinas@arm.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=eugenis@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=kevin.brodsky@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=pcc@google.com \
--cc=vincenzo.frascino@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.